7. IT’S EVERYONE’S PROBLEM!
• Cybersecurity is NOT just IT’s problem.
• IT
• Emergency Management
• Law Enforcement
• And everyone in your organization
8. HUMAN FACTOR
• Vast majority of incidents due to human error
• Phishing, social engineering
• Enabled by agency and employee use of social media
• Careless info access/dissemination
• Public spaces
• Public wifi
• Unlocked computers
• Lack of caution
10. MOST COMMON END-USER THREATS
• Phishing
• Malware (including ransomware)
• Social Engineering/Vishing
• Social Media Threats
• Credential Reuse/poor password management
• Unauthorized Physical Access
11. MOST COMMON SYSTEM LEVEL THREATS
• Unpatched software
• SQL Injection Attack
• Cross Site Scripting (XSS)
• Denial-of-Service (DoS)
• Session Hijacking/Man-in-the-Middle Attacks
12. OUTCOMES
• Release of protected information
• Unauthorized control of systems
• Unauthorized access to information
• Data loss
• Loss of productivity
• System shutdowns
• Financial theft
• Lawsuits
Worst case: Somebody gets hurt or killed.
Second worst case: Somebody gets fired.
14. PREVENTION
• What have you done to prepare?
• What policies are in place?
• What training is in place?
• How are the policies enforced?
THINGS YOU MUST HAVE
• Emergency Operations Plan
• Cybersecurity Policy
• Acceptable Use Policy
18. SOFTWARE BASED
• Virus protection/detection
• Malware detection
• Firewalls
• Check websites/programs at virustotal.com
19. PASSWORD MANAGEMENT
• Never reuse passwords!
• Phrases instead of passwords
• Include letters/numbers/symbols
• Use an encrypted password manager
• Available from anywhere
• Encrypted end-to-end
• Allows sharing with other users (without revealing the actual password)
• Review of top contenders at Wirecutter
21. MULTI-FACTOR AUTHENTICATION
• Enable multi-factor authentication whenever possible.
• Requires you to do two things to
• All popular social media sites allow it.
• https://twofactorauth.org/ for a list of sites that support two-factor authentication.
24. SOCIAL MEDIA BASICS
• Assume everything you post is public
• Don’t share personal info
• Use proper privacy settings
• Practice strong security
• Regularly check security and privacy settings
25. MORE SOCIAL MEDIA
• Don’t share other people’s personal info without permission.
• Don’t friend people you don’t know!
• Never friend somebody more than once (the 2nd is often a spoofed account)
• Limit posts to be viewable by only your friends
• Limit post and photo tagging
• Remove location services
• Limit or remove 3rd party applications
26. MITIGATION
• What steps have you taken?
• What steps can you take?
• Monitoring
• Early Reporting
• Training
• Insurance
• Backups
• Redundancy
29. EARLY REPORTING
• Encourage people to report suspicious emails, texts, phone calls, people, etc.
• Don’t punish them for reporting that they may have done something dumb!
30. POLICIES AND TRAINING
• Develop clear, easy-to-understand policies
• Acceptable use of technology
• Reporting guidelines
• Facility access
• TRAIN, TRAIN, TRAIN
• Basic cybersecurity training should be provided for every person with access to your facility
31. RESPONSE
• Do you have a response plan?
• Does everybody know how to recognize an incident?
• Does your staff know what to do if they suspect an incident?
• Who do you call for help?
32. RECOVERY
• What’s your recovery plan?
• Beyond just the technology
• Who do you call for help?
34. REFERENCES
• National Cyber Incident Response Plan, Department of Homeland Security, 2016
• Computer Security Incident Handling Guide (Revision 2), National Institute of Standards and Technology, 2012
• Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015
• ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
35. ANNEX PARTS
• Policies
• Sets expectations
• Situation/Assumptions
• Requires all components to be in place
• Concept of Operations
• Will require local discussion
• Responsibilities
• EM/IT/LE
• Expect some pushback
37. COMMON ISSUES
• Most organizations lack a comprehensive cybersecurity policy that vests responsibility with every employee.
• Those that have policies don’t enforce them
• A greater number of incidents occur than are reported in any formal way
• Lack of response plans leads to slow recognition, response, and recovery.
• Lack of individual security leaves entire organization at risk
38. QUESTIONS?
Contact me:
Sarah Miller, MPA, CEM
Chair, IAEM Emerging Technology Caucus
Vice-President, IAEM Region 10
sarah@skmillerconsulting.com
twitter: @scba
Editor's Notes
Poll Title: What cybersecurity incidents have you heard about this year?
https://www.polleverywhere.com/free_text_polls/trBv6gBzxugkpgg
Poll Title: Has your organization experienced any type of cybersecurity incident?
https://www.polleverywhere.com/multiple_choice_polls/CRaZDFv70xpKBKr
Malicious vs unintentional
Active attacks
Data breaches
Human error
Cyber warfare
Poll Title: Do you use multi-factor (or two factor) authentication on anything?
https://www.polleverywhere.com/multiple_choice_polls/5Oizh6IjK4g9tBi
Prevent tailgating and piggybacking
Require visible ID
Lock computers/phones when not in use
Train employees to challenge or report strangers
Using your work computers and phones in public spaces, such as planes.
Be mindful of your surroundings
Who can hear your conversation, see your laptop screen, read your paperwork, etc.?
Be cautious of wifi hotspots
Always use your VPN
Don’t let your devices connect automatically
Don’t leave things behind!
Maiden names
Dates of birth
Kids/grandkids dates of birth
Schools
Anything that correlates with any security question you’ve ever answered online or offline.